Between a growing attack surface, more evasive techniques and emerging technologies, having accurate and rapid signals will be essential
Vectra AI, a leader in AI-driven cyber threat detection and remediation for hybrid and multicloud enterprises, has released its 2024 predictions, revealing the emerging trends that will shape cybersecurity in the coming year. Businesses will face an uphill battle to defend against security threats.
Attackers are becoming increasingly innovative in carrying out more technical and sophisticated attacks, such as those that combine stolen digital identities. More evasive attackers mean more rules, and therefore more alerts. And more alert rules to develop and maintain means more work for analysts. This situation – which Vectra calls the “spiral of more” – is allowing hybrid attackers to gain the upper hand. In 2024, organizations must prioritize accurate and rapid signals to enable SOC teams to move at the speed of hybrid attackers and protect the business.
Vectra AI experts have outlined key trends that they believe will have a major impact on the cybersecurity industry in the coming year.
Christian Borst, CTO EMEA at Vectra AI:
- Threat actors will mix digital identities to cause high-profile breaches – The surge in credential harvesting attacks this year – like the flaw in Citrix NetScaler and the September cyberattacks on casinos – suggests that cybercriminal groups are in possession of millions of potential logins. In 2024, we will see stolen credentials used to compromise digital identities and breach businesses more effectively than ever before. Credential theft has previously allowed cyber threat actors access to a handful of corporate accounts, but most did not give them administrative rights or privileged access to steal sensitive data. However, as businesses increasingly use cloud services, third-party software, and open APIs in 2024, each stolen account will offer users varying degrees of privilege. Each of these attack vectors on its own may not pose much of a problem, but we anticipate that cybercriminals will be able to mix and match stolen access to gain access to sensitive data and breach organizations. To protect against a wave of cloud-based account takeovers, organizations need to improve visibility into cloud environments so they can strengthen resilience and spot attacks before they become breaches.
- Operators of essential services will have to deal with NIS2 – In 2024, operators of essential services will have to deal with NIS2, the European Union directive on measures for a high common level of cybersecurity across the Union. The directive represents the EU's efforts to align cybersecurity best practices in essential areas. Organizations that fall under the jurisdiction of NIS2 will need to comply with it to avoid financial, reputational or even criminal penalties for failing to comply as much as possible, so we can expect this to be a significant priority for operators of essential services next year.
- The declining cost of living will push cybercriminals to be more effective with fewer resources – In 2024, slowing economic growth will continue to impact both cybercriminals and those charged with defending organizations. Both sides will focus on finding ways to be more effective with fewer resources. Many cyber “defenders” will look to leverage AI to reduce pressure on staff and increase resilience. At the same time, we will see attackers consolidate their operations to hit more achievable targets. From a practical perspective, this means that phishing will likely remain a primary attack method. But cybercriminals will also automate processes where possible to save time and resources, either by using pre-packaged cybercrime tools or by leveraging Generative AI to easily create phishing “baits.”
Massimiliano Galvagna, Country Manager for Italy at Vectra AI:
- Attacks in hybrid environments will increase – In 2024 we will see a sharp increase in attacks, especially in hybrid environments. Cybercriminals will especially target companies that have part of their infrastructure in the cloud and part on-premises, because this very duality generates complexity in terms of security. We will see a greater concentration of attacks directed against credentials and identities, through social engineering techniques and even zero-day vulnerabilities, and the growth of ransomware, which is still extremely widely used and effective, will be confirmed.
- Cyber criminals will focus on federated identities, public cloud and corporate emails – By 2024, we predict that more than 50% of security incidents will not involve endpoint compromise, as we will see a new era of threats primarily targeting federated identity systems, public clouds, and corporate email compromise. This new type of attack will exploit vulnerabilities and the relative immaturity of security practices related to cloud, identity and SaaS applications.






